Subj : [$] The burden of knowledge: dealing with open-source risks
To   : All
From : LWN.net
Date : Fri Mar 14 2025 14:00:08

[$] The burden of knowledge: dealing with open-source risks
Date: Fri, 14 Mar 2025 13:54:04 +0000

Description: Organizations relying on open-source software have a wide range of tools, scorecards, and methodologies to try to assess the security, legal, and other risks inherent in their so-called supply chain. However, Max Mehl argued recently in a short talk at FOSS Backstage in Berlin (and online) that all of this objective information and data is insufficient to truly understand and address risk. Worse, this information doesn't provide options to improve the situation, and it encourages a passive mindset. Mehl, who works as part of the CTO group at DBSystel, encouraged better risk assessment using qualitative data and direct participation in open source.

======================================================================
Link to news story: https://lwn.net/Articles/1013614/

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)